Environment Variables

Operator reference for every Seedly Sites environment variable - what each setting does, where it goes, and which ones are required.

Every operator-facing setting a live instance cares about, grouped by area. Three kinds of value:

  • generated - the platform's own secrets, produced by npx pnpm run gen:secrets
  • provider - a key you get from a third party (Railway, Cloudflare, Stripe, and so on)
  • config - a plain value you choose

Where they go: app-owned secrets and most config go on the Railway cms service (saving redeploys it). A few also go on the pagebuilder service or as GitHub Actions secrets for the deploy pipeline. In the local sandbox most of these are unset and the platform falls back to safe defaults.

The authoritative check is the doctor: npx pnpm run setup:check -- --target=prod names exactly what is missing for a live instance. This page explains what each value is for - never the values themselves. Keep every secret in a password manager (Backups) and never commit one to Git.
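One way to back up the "never commit one to Git" rule is to scan text headed for a commit for literal assignments to the credential-bearing names on this page. This is an added example, not part of Seedly Sites or its doctor; the function names, the placeholder rules and the sample input are assumptions made for illustration.

```javascript
// Added example. Credential-bearing variable names taken from the tables on this page.
const SECRET_NAMES = [
  'PAYLOAD_SECRET', 'CRON_SECRET', 'SEED_SECRET', 'DEPLOY_STATUS_SECRET',
  'PAYLOAD_PASSWORD', 'DATABASE_URL', 'R2_ACCESS_KEY_ID', 'R2_SECRET_ACCESS_KEY',
  'CF_API_TOKEN', 'GITHUB_DEPLOY_TOKEN', 'ANTHROPIC_API_KEY', 'SENDGRID_API_KEY',
  'STRIPE_SECRET_KEY', 'STRIPE_WEBHOOK_SECRET',
];

// Matches .env lines (NAME=value, export NAME=value) and YAML lines (NAME: value).
const ASSIGNMENT = new RegExp(
  `^\\s*(?:export\\s+)?(${SECRET_NAMES.join('|')})\\s*[:=]\\s*(.*)$`
);

// True only when the right-hand side looks like a real value rather than a template.
function isLiteralValue(raw) {
  const value = raw.trim().replace(/^(['"])(.*)\1$/, '$2').trim();
  if (value === '' || value.startsWith('#')) return false; // empty, e.g. .env.example
  if (/^\$\{\{.*\}\}$/.test(value)) return false;           // ${{ secrets.X }} reference
  if (/^\$\{?[A-Za-z_][A-Za-z0-9_]*\}?$/.test(value)) return false; // $VAR or ${VAR}
  if (/^<.*>$/.test(value)) return false;                   // <placeholder>
  return true;
}

// Returns file, line number and variable name only; the value is never echoed.
function findCommittedSecrets(text, file = '(input)') {
  const findings = [];
  text.split(/\r?\n/).forEach((line, i) => {
    const m = ASSIGNMENT.exec(line);
    if (m && isLiteralValue(m[2])) {
      findings.push({ file, line: i + 1, name: m[1] });
    }
  });
  return findings;
}

// Constructed sample input: none of these values are real.
const SAMPLE = [
  'PAYLOAD_SECRET=constructed-not-a-real-secret',
  'CRON_SECRET=',
  'export STRIPE_SECRET_KEY="constructed-sample-value"',
  '  CF_API_TOKEN: ${{ secrets.CF_API_TOKEN }}',
  'DATABASE_URL=${DATABASE_URL}',
  'INSTANCE_BRAND_NAME=Example Studio',
  'SENDGRID_API_KEY=<your-key>',
].join('\n');

console.log(findCommittedSecrets(SAMPLE, '.env'));
```

Run over staged file contents, a non-empty result is the signal to block the commit and rotate the value if it was ever pushed.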


Core / Auth

| Name | Kind | Required | Purpose |
| --- | --- | --- | --- |
| PAYLOAD_SECRET | generated | yes | Signs sessions and tokens. Distinct per environment; rotating it signs everyone out |
| SUPER_ADMIN_EMAIL | config | yes | The locked super-admin identity. Set your own; the doctor flags the vendor default |
| CRON_SECRET | generated | yes (prod) | Authenticates scheduled-job routes (backups, scheduled publish, retention) |
| SEED_SECRET | generated | no | Gates the one-time bootstrap endpoint |
| DEPLOY_STATUS_SECRET | generated | no | Authenticates deploy-status callbacks from the tenant deploy workflow |
| PAYLOAD_EMAIL / PAYLOAD_PASSWORD | config / generated | no | Service-account login the build and render tooling use to reach the CMS API |
| INSTANCE_BRAND_NAME | config | no | White-label name shown in admin chrome and emails |
| SUPPORT_EMAIL | config | no | Support contact surfaced to clients |

Database

| Name | Kind | Required | Purpose |
| --- | --- | --- | --- |
| PAYLOAD_ADAPTER | config | yes (prod) | Unset = the local sandbox file database; set for the Postgres adapter in production |
| DATABASE_URL | provider | yes (prod) | The Railway Postgres connection string |

Cloudflare (Media + Hosting)

| Name | Kind | Required | Purpose |
| --- | --- | --- | --- |
| R2_ENDPOINT | provider | yes (prod) | The R2 storage endpoint for durable media. Without the R2 keys, storage falls back to ephemeral local disk |
| R2_ACCESS_KEY_ID | provider | yes (prod) | R2 access key id |
| R2_SECRET_ACCESS_KEY | provider | yes (prod) | R2 secret access key |
| R2_BUCKET_NAME | config | no | Bucket name (has a sensible default) |
| R2_PUBLIC_URL | config | yes (build) | Public base URL media is served from; applied when a site is built |
| CF_API_TOKEN | provider | yes (prod) | Token the platform uses to auto-create per-site Pages projects. Also a GitHub Actions secret |
| CF_ACCOUNT_ID | config | yes (prod) | Your Cloudflare account id |

GitHub Deploy

| Name | Kind | Required | Purpose |
| --- | --- | --- | --- |
| GITHUB_DEPLOY_TOKEN | provider | yes (prod) | A GitHub token (repo and workflow scope) that dispatches the tenant deploy workflow |
| GITHUB_DEPLOY_REPO | config | yes (prod) | The repo the deploy workflow runs in. Set your OWN repo; the doctor flags the vendor default |

AI

| Name | Kind | Required | Purpose |
| --- | --- | --- | --- |
| ANTHROPIC_API_KEY | provider | yes | Claude API key for brand-DNA generation, port revision, and visual QA |
| SEEDLY_DNA_MODEL / SEEDLY_QA_MODEL / SEEDLY_REVISE_MODEL | config | no | Override the model each AI flow uses |

Email

| Name | Kind | Required | Purpose |
| --- | --- | --- | --- |
| SENDGRID_API_KEY | provider | yes (prod) | Transport for auth and notification email. Unset = those emails are logged, not sent |
| EMAIL_FROM_ADDRESS | config | yes (prod) | Default From address; must be a verified sender at your email provider |

Studio / Render Wiring

| Name | Kind | Required | Purpose |
| --- | --- | --- | --- |
| STUDIO_INTERNAL_URL | config | yes (prod) | The studio's internal URL; the CMS proxies the builder to it so the builder is same-origin in production |
| CMS_BASE_URL | config | no | Canonical CMS origin for absolute links |
| RENDER_BASE_URL | config | no | CMS-to-render base for preview links |
| PAYLOAD_API_URL | config | no | The CMS API origin the render/studio build talks to |
| PUBLIC_CMS_URL | config | no | The CMS origin baked into the studio build |
| STUDIO_ORIGIN | config | no | An extra allowed origin for a dev-direct studio |

Billing (Optional)

All optional: leave unset and billing is simply inert. See Billing.

| Name | Kind | Purpose |
| --- | --- | --- |
| STRIPE_SECRET_KEY | provider | Your Stripe API key |
| STRIPE_WEBHOOK_SECRET | provider | Verifies Stripe webhook signatures |
| STRIPE_PRICE_ID | config | The subscription price the Subscribe button checks out |
| BILLING_DEFAULT_ENFORCEMENT | config | Instance default when a lapsed tenant's enforcement is set to "default": edit lock, suspend, or none |

Optional Integrations (Fail Soft When Unset)

| Name | Purpose |
| --- | --- |
| GOOGLE_PLACES_API_KEY | Places lookup for location capture |
| GOOGLE_MAPS_EMBED_API_KEY | Maps embed for the location card |
| INDEXNOW_KEY | IndexNow key; unset = the search-engine ping on deploy is skipped |
| SENTRY_DSN / NEXT_PUBLIC_SENTRY_DSN | Server and client error monitoring |
| NEXT_PUBLIC_ADMIN_LOGO_URL | White-label logo on the admin/login screen |
| NEXT_PUBLIC_ENABLE_AB_TESTS | Enables the experimental A/B tests feature |
| SEEDLY_BACKUP_DIR | Backup output directory |

The intake (generate-from-brand-DNA) flow has additional keys of its own; they are intentionally not documented here yet.